I’m looking for a way to extract the list of most recent Patch Tuesday fixlets from BigFix, such as the last 30 days or less. I also need a way to filter based on keywords; for example, I need to exclude any updates for Windows Server 2019 while keeping the results for Windows Server 2022.
I tried to query the API, but unfortunately the LastModified timestamp does not reflect what I see on the BigFix console GUI:
https://<IP_ADD>:52311/api/fixlets/external/Enterprise%20Security
or
iem get fixlets/external/Enterprise%20Security
sample:
UPDATE: Windows Vista Service Pack 1 Available - Known Issues
44603
UPDATE: Windows Vista Service Pack 1 Available (x64) - Known Issues
44604
UPDATE: Windows Vista Service Pack 1 Available - Installation Not Complete
44605
UPDATE: Windows Vista Service Pack 1 Available (x64) - Installation Not Complete
44606
Are you primarily interested in APIs, or will WebUI/Console suffice?
You can try the session relevance below:
(name of it, source release date of it) of bes fixlets whose (exists source release date of it AND source release date of it > (current date - 30 * day) AND name of site of it = "Enterprise Security" AND name of it does not contain "Windows Server 2019" AND fixlet flag of it)
You can also export similar results from WebUI → Patch & from Console using Custom Filters.
As suggested above, Session Relevance allows more control over the data coming back and makes it easier to filter based on the desired criteria. Another sample session relevance query might be something like:
(name of it) of bes fixlets whose (display name of site of it = "Patches for Windows" AND ((modification time of it > (now - 30 * day)) OR creation time of it > (now - 30 * day)) AND name of it does not contain "Windows Server 2019")
Thanks Aram, this is working. Looking at the results now, I’m wondering how to expand the exclusion list using other keywords in addition to the current exclusion, for example exclude Windows Server 2019 and other updates like Windows 10 1507 and more?
Hi @S2S, would it be easier to simply filter for OSes that you’re interested in as in this example where I simply use a regex and use the pipe | symbol to act like an OR in between each value (OS)?
(name of it) of bes fixlets whose (display name of site of it = "Patches for Windows" AND ((modification time of it > (now - 30 * day)) OR creation time of it > (now - 30 * day)) AND name of it contains regex ("Windows Server 2022|Windows Server 2016|Windows 10 Version 22H2"))
But here is an example of what you requested to filter out Windows 10 Version 1507:
(name of it) of bes fixlets whose (display name of site of it = "Patches for Windows" AND ((modification time of it > (now - 30 * day)) OR creation time of it > (now - 30 * day)) AND name of it does not contain regex ("Windows Server 2019|Windows 10 Version 1507"))
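Added example, not code from any participant in this thread: a Python helper that builds the queries above from include/exclude keyword lists, escaping regex metacharacters and relevance string delimiters so a keyword such as "(x64)" is matched literally, then URL-encodes the result for the REST API. The `/api/query` endpoint with a `relevance` parameter and the hostname are assumptions not shown in the thread, and all function names are hypothetical.

```python
from urllib.parse import quote

# Characters with special meaning in a regex; escaped so keywords match literally.
REGEX_META = set("\\.^$|?*+()[]{}")


def regex_escape(keyword):
    """Backslash-escape regex metacharacters in one keyword."""
    return "".join("\\" + c if c in REGEX_META else c for c in keyword)


def relevance_literal(text):
    """Quote text as a relevance string literal (% and " are percent-encoded)."""
    return '"' + text.replace("%", "%25").replace('"', "%22") + '"'


def alternation(keywords):
    """Join keywords into one regex using | as OR, as in the thread."""
    return relevance_literal("|".join(regex_escape(k) for k in keywords))


def build_relevance(site, days, include=(), exclude=()):
    """Names of fixlets in `site` created or modified in the last `days` days."""
    window = f"(now - {int(days)} * day)"
    recent = f"((modification time of it > {window}) OR creation time of it > {window})"
    clauses = [f"display name of site of it = {relevance_literal(site)}", recent]
    if include:
        clauses.append(f"name of it contains regex ({alternation(include)})")
    if exclude:
        clauses.append(f"name of it does not contain regex ({alternation(exclude)})")
    return "(name of it) of bes fixlets whose (" + " AND ".join(clauses) + ")"


def query_url(server, relevance):
    """URL for the assumed /api/query endpoint; port 52311 is from the thread."""
    return f"https://{server}:52311/api/query?relevance={quote(relevance, safe='')}"


if __name__ == "__main__":
    q = build_relevance("Patches for Windows", 30,
                        exclude=["Windows Server 2019", "Windows 10 Version 1507"])
    print(q)
    print(query_url("bigfix.example.com", q))  # constructed hostname
```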